Cyber Liability

We have surveyed hundreds of small business owners and a frequent comment is a lack of understanding around cyber vulnerabilities. These owners want to learn more about cyber vulnerabilities and how it can impact their business.  Common questions are: Is my company at risk; how do I know my company has cyber security vulnerabilities; who can help me identify risk?

‍

A starting point is to simply review a cyber insurance application. The questions contained in the application are indicative of a lack of network controls where the insurance industry has experienced the most claims or breach events. Ask yourself some of these questions that are contained in a majority of applications: 

‍

• Do you have a cyber business continuity plan and has it been tested? 
• This may include having a dedicated person responsible for cyber security

• Having employee training annually that includes training on phishing emails, banning personal downloads, and testing continuity plans
• Having frequent backups of your sensitive data which is stored off site on an offline server

• Are employees required to set up multi factor authentication when logging into critical applications remotely? 
• Do you have multiple persons review large wire transfers and authenticate the recipient by two means of communication? 

‍

If you answered “no” to any of the above, your business might be at higher risk than believed. Further, your business might be uninsurable as these are viewed as necessary cyber controls for a carrier to offer a quotation. Many of our clients first focus on cyber resilience and then pursue insurance. 

‍

You can begin by asking your IT vendor why they haven’t been encrypting data in transit and at rest, why they don’t have training of employees on phishing, and if they have daily backups that are stored off-site, off network, and enable recovery in a reasonable amount of time.

‍

‍